Gen5 being installed tomorrow at our church. Business account. We will need to add 3 access points to cover the church properly. Our plan is to add Unifi access points (from Ubiquiti). This requires a Unifi security gateway (or Edge router) to be connected to the HT2000 router/modem. My plan was to turn off the wifi on the HT2000 and simply connect the Unifi gateway to one of the LAN ports. But then I read that you must put the first router in bridge mode... but we cannot do that with HT2000. Here was my plan:
HT2000 > Unifi Security Gateway (USG) > Unifi Switch > Unifi access points controlled by a cloud key controller
Will the Unifi access point plan described above still work without bridge mode on the HT2000? If not, what is the best way to add access points to a Hughesnet Gen5 system?
Remote features won't be possible unless accessed via IPv6... As you said, these HT2000w units can't be put into a bridged mode, so chances are the UniFi Cloud Key will be useless for remote administration after you add on the fact you are behind CGN...
I have yet to run into a scenario where Ubiquiti APs require a Unifi Gateway or Edge Router unless you are attempting to make remote management of the equipment and network easier, which again, is useless thanks to CGN, unless you can figure out something with IPv6...
@pswired and @tracerrx have been working together on their IPv6 conundrum; the thread they are discussing remote IPv6 address in could provide some good insight in that area... https://community.hughesnet.com/t5/Tech-Support/HT2000W-IPv6-inbound-services/m-p/83342#M58814
To be fairly honest, I would just go HT2000w > Switch > APs, disable the HT2000w wifi, and create my own wifi network. Never really touched their switches or anything else as the features are mostly useless IMO.
Appreciate the response. Are you aware of any specific brands/ models for the switch and APs in the configuration you described?
It's what works best for each person... I am using a pair of consumer grade routers (Nighthawk R7000 with Merlin firmware) set up in AP mode and an HP Procurve 2848. Both access points are using the same SSID, password, and encryption type, but sit on opposite channels for 2.4 GHz and 5 GHz bands as well as opposite ends of my home. HT2000w wifi is disabled. In my case, all of my devices will hop between the two different access points without me noticing anything whatsoever.
I would probably consider sticking with the Ubiquiti access points at a minimum these days though (for the most part they are about as good as it gets for the price), and would use them in my own home network if I didn't already have the two consumer grade routers lying around.
I just don't see a point in buying other Ubiquiti products for a location that will be sitting behind Hughesnet unless you can figure out how to get IPv6 working in a remote manner.
My actual network layout is sort of as follows... HT2000w > PFSense Firewall > HP Procurve 2848 > remainder of LAN.
Based on this information, this is my plan:
HT2000w (wifi off) > Unifi switch (US-8-150w) > Unifi UAP AC Pro x 3
I guess I would need to first provision the three APs using Unifi's controller software. Right? And could I still set up a guest SSID (recognizing that captive portal would not be an option)?
That, I am unsure... You might get the most support from the Ubiquiti Support Forum in regards to their products and captive portal among other things.
UBNT Community Support
No problem. What is the PFSense Firewall you have in your config? Is this a piece of hardware or software running on a PC?
It's FreeBSD running some software on another PC to act as a network firewall and router...
https://www.pfsense.org/
I'm starting to understand this. Can you provide a bit more info on your FreeBSD settings with HT2000?
...there are WAY too many settings to make it feasible to go over, a lot are tailored to my exact network setup as well.
No problem, I'll figure it out. Curious though, doesn't the HT2000 have a firewall built into it? Are you using FreeBSD because it offers more flexibility and customization... or is there something else I'm missing? Basically what I'm asking is in the set-up I described above with 3 access points, is it advisable to install a separate firewall/router after the HT2000 or can one typically rely on the HT2000 to do this?
You can rely on just the HT2000w if you wanted to, it does have a firewall built in.
I am using PFSense mostly for DNSBL, and Content Filtering on my network.
@C0RR0SIVE wrote: Remote features won't be possible unless accessed via IPv6... As you said, these HT2000w units can't be put into a bridged mode, so chances are the UniFi Cloud Key will be useless for remote administration after you add on the fact you are behind CGN...
@C0RR0SIVE. I just had this bright idea, and perhaps it's beyond the scope of this forum, but thought I'd ask anyway. With the goal of having the access points controlled and configured such that we can have more robust control over guest accounts (to limit speed, etc), what if instead of a Unifi USG/Cloud Key arrangement I originally described (which would require IPv6 enablement/bridge mode), we use an always-on PC running Unifi Controller software connected locally to the Unifi switch? While there would be no remote control of the network (thus no IPv6 complications), I'm thinking all the other features of the Controller could be enabled (Unifi AP guest wifi speed control, data limits, etc). What do you think? Am I missing something in the way HT2000w would behave in this set-up?
HT2000w > Unifi switch > local PC running Unifi Controller
> Unifi access points
Has anyone tried setting up the HT2000W to use the DMZ and have your router then serve as the firewall and net router? This way the HT2000W just acts as a de facto modem?